Question: I have heard that a new anti-phishing feature in the most recent version of Microsoft's Internet Explorer web browsing software (version 7.0) may reduce e-commerce traffic on my company's web site. Is this true? If so, how can I prevent it?
Answer: This is potentially true. To prevent it, you will to need to have your web site "verified" through the "Extended Validation Certificate" program, which is currently only open to limited liability companies or partnerships and S or C corporations. But you may be able to leverage this new feature of Microsoft's web browsing software to your company's advantage. In other words, you may be able to use this new feature to help thwart "phishing" attacks against your web site. Here are the details:
This feature of Microsoft's new web browsing software is intended to warn end users when they are visiting web sites that may be fraudulent "phishing" sites. Sites that have been verified as legitimate through this program will trigger the browser to display a green address bar. Sites that have not been verified will not trigger the green address bar. As Microsoft's new web browsing software becomes more widely adopted, and if, over time, users begin to distrust web sites that do not have the green address bar, some users may decline to conduct e-commerce on those web sites.
To have its web site trigger the desirable green address bar, a company must:
- Be a limited liability company or partnership, or an S or C corporation (not a sole proprietorship or a general partnership); and
- Apply through one of the certification authorities listed at http://www.cabforum.org/forum.html
Before issuing the certificate necessary for the green bar to be displayed, the certification authority will confirm with the company's incorporating agency that:
- The company legally exists as a valid entity in the jurisdiction of incorporation;
- The company's legal name matches the name on its incorporation papers; and
- If an assumed name is used, the assumed name is properly registered with the incorporating jurisdiction.
The company will be required to provide the certification authority with its incorporation registration number, and the identity and address of its registered agent or registered office, as applicable in the company's jurisdiction. Finally, the certification authority will take steps to verify that the company has the exclusive right to use the applicable domain name, and that such company has authorized the issuance of the certificate.
Companies that fit the above criteria should consider applying to a certification authority for verification. In particular, companies whose web sites are prone to being targeted by "phishing" schemes may find the green bar an effective means to show users that they are visiting the company's legitimate web site, and not a fraudulent "phishing" site.
However, the fact that not all forms of corporate entities are eligible to obtain the certificate has been the subject of criticism, and has discouraged other web browsing software vendors from adopting the program.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.